[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Nov 21 08:14:01 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cc7e77d3 by security tracker role at 2025-11-21T08:13:50+00:00
automatic NOT-FOR-US entries update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
CVE-2025-64770 (The affected products allow unauthenticated access to Open Network Vid ...)
TODO: check
CVE-2025-64762 (The AuthKit library for Next.js provides convenient helpers for authen ...)
- TODO: check
+ NOT-FOR-US: Next.js
CVE-2025-64755 (Claude Code is an agentic coding tool. Prior to version 2.0.31, due to ...)
TODO: check
CVE-2025-64751 (OpenFGA is a high-performance and flexible authorization/permission en ...)
@@ -47,99 +47,99 @@ CVE-2025-58097 (The installation directory of LogStare Collector is configured w
CVE-2025-49752 (Azure Bastion Elevation of Privilege Vulnerability)
TODO: check
CVE-2025-36160 (IBM Concert 1.0.0 through 2.0.0 could disclose sensitive server inform ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36159 (IBM Concert 1.0.0 through 2.0.0 could allow a local user to forge log ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36158 (IBM Concert 1.0.0 through 2.0.0 could allow a local user with specific ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36153 (IBM Concert 1.0.0 through 2.0.0 is vulnerable to cross-site scripting. ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-36072 (IBM webMethods Integration 10.11 through 10.11_Core_Fix22, 10.15 throu ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2025-25613 (FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45 ...)
TODO: check
CVE-2025-13499 (Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows de ...)
TODO: check
CVE-2025-13485 (A security flaw has been discovered in itsourcecode Online File Manage ...)
- TODO: check
+ NOT-FOR-US: itsourcecode System
CVE-2025-13484 (A vulnerability was identified in Campcodes Complete Online Beauty Par ...)
- TODO: check
+ NOT-FOR-US: Campcodes
CVE-2025-13322 (The WP AUDIO GALLERY plugin for WordPress is vulnerable to arbitrary f ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13159 (The Flo Forms \u2013 Easy Drag & Drop Form Builder plugin for WordPres ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13142 (The Custom Post Type plugin for WordPress is vulnerable to Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13135 (The HotelRunner Booking Widget plugin for WordPress is vulnerable to S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13134 (The AuthorSure plugin for WordPress is vulnerable to Cross-Site Reques ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-13087 (A vulnerability exists in the Opto22 Groov Manage REST API on GRV-EPIC ...)
TODO: check
CVE-2025-12894 (The Import WP \u2013 Export and Import CSV and XML files to WordPress ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12881 (The Return Refund and Exchange For WooCommerce plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12746 (The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12661 (The Pollcaster Shortcode Plugin for WordPress is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12660 (The Padlet Shortcode plugin for WordPress is vulnerable to Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12170 (The Checkbox plugin for WordPress is vulnerable to unauthorized loss o ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12169 (The ELEX WordPress HelpDesk & Customer Ticketing System plugin for Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12138 (The URL Image Importer plugin for WordPress is vulnerable to arbitrary ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12135 (The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12086 (The Return Refund and Exchange For WooCommerce plugin for WordPress is ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12085 (The ELEX WordPress HelpDesk & Customer Ticketing System plugin for Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12023 (The ELEX WordPress HelpDesk & Customer Ticketing System plugin for Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-12022 (The ELEX WordPress HelpDesk & Customer Ticketing System plugin for Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11985 (The Realty Portal plugin for WordPress is vulnerable to unauthorized m ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11885 (The EchBay Admin Security plugin for WordPress is vulnerable to Reflec ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11815 (The UiPress lite | Effortless custom dashboards, admin themes and page ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11802 (The Bulma Shortcodes plugin for WordPress is vulnerable to Stored Cros ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11801 (The AudioTube plugin for WordPress is vulnerable to Stored Cross-Site ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11800 (The Surbma | MiniCRM Shortcode plugin for WordPress is vulnerable to S ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11799 (The Affiliate AI Lite plugin for WordPress is vulnerable to Stored Cro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11773 (The Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11771 (The Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11770 (The BrightTALK WordPress Shortcode plugin for WordPress is vulnerable ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11768 (The Islamic Phrases plugin for WordPress is vulnerable to Stored Cross ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11767 (The Tips Shortcode plugin for WordPress is vulnerable to Stored Cross- ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11765 (The Stock Tools plugin for WordPress is vulnerable to Stored Cross-Sit ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11764 (The Shortcodes Bootstrap plugin for WordPress is vulnerable to Stored ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11763 (The Display Pages Shortcode plugin for WordPress is vulnerable to Stor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11456 (The ELEX WordPress HelpDesk & Customer Ticketing System plugin for Wor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11368 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-11003 (The UiPress lite | Effortless custom dashboards, admin themes and page ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-10938 (The UiPress lite plugin for WordPress is vulnerable to Sensitive Infor ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2025-9820 [GNUTLS-SA-2025-11-18]
- gnutls28 <unfixed>
[trixie] - gnutls28 <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc7e77d3a398c03ab6b0a1912d4c31af5ebbff76
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc7e77d3a398c03ab6b0a1912d4c31af5ebbff76
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251121/202ab9b3/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list